Authorization method, apparatus, and system applied to electronic lock

ABSTRACT

Embodiments of the present disclosure disclose an authorization method and an apparatus applied to an electronic lock. The method performed at a server hosting an instant messaging application includes: receiving an authorization request sent by a first instant messaging client at a first terminal, and the authorization request being used for requesting to grant use permission on the electronic lock to a second account; querying for, according to the authorization request, key information bound to the second account; and sending the key information to the electronic lock, the electronic lock being configured to add the key information into a trusted key information store. Moreover, the instant messaging application at the server can also be involved to further enhancing the authenticity of a person who tries to unlock the electronic lock based on the location of a terminal used by the person for accessing the instant messaging application.

RELATED APPLICATIONS

This application is a continuation-in-part application ofPCT/CN2017/073960, entitled “AUTHENTICATION METHOD APPLICABLE TOELECTRONIC LOCK, DEVICE, AND SYSTEM” filed on Feb. 17, 2017, whichclaims priority to Chinese Patent Application No. 201610089412.6, filedwith the State Intellectual Property Office of the People's Republic ofChina on Feb. 17, 2016, and entitled “AUTHENTICATION METHOD APPLICABLETO ELECTRONIC LOCK, DEVICE, AND SYSTEM”, all of which are incorporatedherein by reference in their entirety.

FIELD OF THE TECHNOLOGY

Embodiments of the present disclosure relate to the field of Internet ofThings, and in particular, to an authorization method, apparatus, andsystem applied to an electronic lock.

BACKGROUND OF THE DISCLOSURE

An electronic lock is a novel lock that identifies a user identity basedon key information, and opens or closes a lock body according to theuser identity. Common electronic locks include a password door lock, afingerprint door lock, a palm print door lock, and the like.

The fingerprint door lock is used as an example. Before using thefingerprint door lock, a user needs to enroll fingerprint information ofthe user into the fingerprint door lock, and a manager givesauthorization to the user corresponding to the key information. Anauthorization method provided by the related technology includes: Themanager establishes a Bluetooth connection to the fingerprint door lockby using a mobile phone application (APP), and controls, by using themobile phone APP, the fingerprint door lock to enter a “managementmode”; and under the “management mode”, the fingerprint door lockobtains, by using a fingerprint collector, a fingerprint enrolled by theuser, receives permission allocated by the manager by using the mobilephone APP to the fingerprint information, and associatively stores thefingerprint information and the permission. For example, the permissionallocated by the manager to the fingerprint information is: permissionto open the fingerprint door lock between 8:00 and 10:00 each day. Thatis, the user corresponding to the fingerprint information can only openthe fingerprint door lock between 8:00 and 10:00 each day.

In the foregoing method, because the user needs to enroll thefingerprint on the fingerprint collector of the fingerprint door lock,when being away from the electronic lock, the user cannot enroll the keyinformation such as the fingerprint into the electronic lock, and theauthorization cannot be implemented.

SUMMARY

To resolve a problem that when being away from an electronic lock, auser cannot enroll key information such as a fingerprint into theelectronic lock, and authorization cannot be implemented, embodiments ofthe present disclosure provide an authorization method, apparatus, andsystem applied to an electronic lock. The technical solutions are asfollows:

According to a first aspect of the present disclosure, an authorizationmethod applied to an electronic lock is performed at a computer serverhaving one or more processors and memory storing instructions to beexecuted by the one or more processors. The method includes:

-   -   receiving an authorization request sent by a first instant        messaging client at a first terminal, a first account being        logged into the first instant messaging client, and the        authorization request being used for requesting to grant use        permission on the electronic lock to a second account;    -   querying for, according to the authorization request, key        information bound to the second account; and    -   sending the key information to the electronic lock, the        electronic lock being configured to add the key information into        a trusted key information store.

According to a second aspect of the present disclosure, a computerserver includes one or more processors, memory, and a plurality ofinstructions stored in the memory that, when executed by the one or moreprocessors, cause the computer server to perform the aforementionedmethod.

According to a third aspect of the present disclosure, a non-transitorycomputer readable storage medium storing a plurality of instructionsconfigured for execution by a computer server having one or moreprocessors, the plurality of instructions causing the computer server toperform the aforementioned method.

The technical solutions provided in the embodiments of the presentdisclosure bring about the following beneficial effects:

The server receives the authorization request sent by the first instantmessaging client the first account is logged into, and queries for,according to the authorization request, the key information bound to thesecond account, so as to send the key information to the electroniclock, and the electronic lock adds the key information into the trustedkey information store. The problem that when being away from theelectronic lock, the user cannot enroll the key information such as thefingerprint into the electronic lock, and the authorization cannot beimplemented is resolved. Even being away from the electronic lock, theuser can enroll the key information into the electronic lock from aremote end, and the authorization is ensured to be implemented asnormal. Moreover, by forwarding the key information from the electroniclock to the server, additional protection is granted for protecting theelectronic lock from unauthorized access.

BRIEF DESCRIPTION OF THE DRAWINGS

To describe the technical solutions of embodiments of the presentdisclosure more clearly, the following briefly introduces theaccompanying drawings required for describing the embodiments.Apparently, the accompanying drawings in the following description showonly some embodiments of the present disclosure, and a person ofordinary skill in the art may still derive other drawings from theseaccompanying drawings without creative efforts.

FIG. 1 is a schematic diagram of an implementation environment of anauthorization method applied to an electronic lock according to someexemplary embodiments;

FIG. 2 is a flowchart of an authorization method applied to anelectronic lock according to an exemplary embodiment;

FIG. 3A is a flowchart of an authorization method applied to anelectronic lock according to another exemplary embodiment;

FIG. 3B is a schematic implementation diagram of an authorization methodapplied to an electronic lock according to another exemplary embodiment;

FIG. 3C is a schematic implementation diagram of an authorization methodapplied to an electronic lock according to another exemplary embodiment;

FIG. 3D is a schematic diagram of a message sending interface of instantmessaging according to another exemplary embodiment;

FIG. 4A is a flowchart of an authorization method applied to anelectronic lock according to another exemplary embodiment;

FIG. 4B is a schematic diagram of a message sending interface of instantmessaging according to another exemplary embodiment;

FIG. 5 is a block diagram of an authorization apparatus applied to anelectronic lock according to an exemplary embodiment;

FIG. 6 is a block diagram of an authorization apparatus applied to anelectronic lock according to another exemplary embodiment;

FIG. 7 is a block diagram of an authorization apparatus applied to anelectronic lock according to another exemplary embodiment;

FIG. 8 is a block diagram of an authorization apparatus applied to anelectronic lock according to another exemplary embodiment;

FIG. 9 is a block diagram of an authorization apparatus applied to anelectronic lock according to another exemplary embodiment;

FIG. 10 is a structural block diagram of a server according to anembodiment of the present disclosure;

FIG. 11 is a structural block diagram of an electronic lock according toan embodiment of the present disclosure; and

FIG. 12 is a block diagram of an authorization system applied to anelectronic lock according to an exemplary embodiment.

DESCRIPTION OF EMBODIMENTS

To make the objectives, technical solutions, and advantages of thepresent disclosure clearer, the following further describesimplementations of the present disclosure in detail with reference tothe accompanying drawings.

The term “a plurality” mentioned in the specification refers to two ormore. The term “and/or” describes an association relationship fordescribing associated objects and represents that three relationshipsmay exist. For example, A and/or B may represent the following threecases: Only A exists, both A and B exist, and only B exists. Thecharacter “/” generally indicates an “or” relationship between theassociated objects.

Referring to FIG. 1, FIG. 1 is a schematic structural diagram of animplementation environment according to an embodiment of the presentdisclosure. The implementation environment includes: an electronic lock110, a gateway device 120, a server 130, a first terminal 140, and asecond terminal 150.

The electronic lock 110 is a lock that identifies a user identity basedon key information, and opens or closes a lock body according to theuser identity. The electronic lock 110 has capabilities of data storageand data transmission. In some embodiments, the electronic lock 110 is apassword door lock (using a numeric character password as the keyinformation), a fingerprint door lock (using a fingerprint as the keyinformation), or a palm print door lock (using a palm print as the keyinformation). In some embodiments, the electronic lock 110 further has acapability of timing.

The electronic lock 110 establishes a wired or wireless connection tothe gateway device 120. The wireless connection includes a near fieldlow-power wireless connection. For example, the wireless connection isBluetooth or Zigbee or Wi-Fi.

The gateway device 120 has data transformation and transmissionfunctions. The gateway device 120 provides a data transmission servicefor the server 130 and the electronic lock 110 by using the datatransformation and transmission functions.

The gateway device 120 is connected to the server 130 by using a wirednetwork or a wireless network or both.

The server 130 is a backend server of a third-party application, and theserver 130 may be one server or a server cluster or a cloud computingcenter including a plurality of servers. In this embodiment of thepresent disclosure, the server 130 stores a binding relationship betweenthe electronic lock 110 and a manager account, and a correspondencebetween the electronic lock 110 and the gateway device 120. The manageraccount has management permission on the electronic lock 110.

In some embodiments, the third-party application includes: an instantmessaging application, or an application providing a servicecorresponding to the electronic lock.

The server 130 is connected to the first terminal 140 by using the wirednetwork or the wireless network, and the server 130 is connected to thesecond terminal 150 by using the wired network or the wireless network.

The first terminal 140 and the second terminal 150 are electronicdevices that have data transformation and transmission functions. Forexample, the electronic device may be a smart phone or a tabletcomputer. In this embodiment of the present disclosure, instantmessaging clients are run on the first terminal 140 and the secondterminal 150. A first account is logged into on the instant messagingclient that is run on the first terminal 140, and a second account islogged into on the instant messaging client that is run on the secondterminal 150. In some embodiments, in the implementation environment, aquantity of the first terminal 140 and a quantity of the second terminal150 are one or more.

In some embodiments, the wireless network or the wired network uses astandard communications technology and/or protocol. The network isgenerally Internet, but may also be any network, including but notlimited to any combination of a local area network (LAN), a metropolitanarea network (MAN), a wide area network (WAN), a mobile, wired orwireless network, a private network, or a virtual private network. Insome embodiments, data exchanged by using the network is represented byusing a technology and/or format such as a hypertext markup language(HTML), an extensible markup language (XML), or the like. In addition,all or some links may be encrypted by using a conventional encryptiontechnology such as a secure socket layer (SSL), transport layer security(TLS), a virtual private network (VPN), Internet protocol security(IPsec), or the like. In some other embodiments, the data communicationstechnology may be replaced or supplemented by using a custom and/orprivate data communications technology.

In some embodiments, a first user logs into his/her account of theinstant messaging application at the first terminal 140 and a seconduser logs into his/her account of the instant messaging application atthe second terminal 150. The first and second users can exchangemessages with each other after a direct-contact relationship isestablished between the two user accounts by the server 130. In someembodiments, a special user account associated with the electronic lock110 is established at the instant messaging application like the otheruser accounts. The user account associated with the electronic lock 110is managed by the user account associated with the first terminal 140.For example, the user account of the first terminal 140 can determinewho can unlock the electronic lock 110 by granting permission to accessthe user account associated with the electronic lock 110 to one of thesecond users.

In some embodiments, the electronic lock 110 maintains a set of trusteduser accounts and their associated key information provided by theserver 130 in its memory. Upon receipt of an entry of key information,the electronic lock 110 checks whether the key information matches anytrusted user account's associated key information and then unlocksitself when there is a match.

Referring to FIG. 2, FIG. 2 is a flowchart of an authorization methodapplied to an electronic lock according to an exemplary embodiment ofthe present disclosure. This embodiment is described by using an examplein which the authorization method applied to an electronic lock isapplied to the implementation environment shown in FIG. 1. Theauthorization method includes the following steps:

In step S201, a server receives an authorization request sent by a firstinstant messaging client at a first terminal, a first account beinglogged into the first instant messaging client, and the authorizationrequest being used for requesting to grant use permission on anelectronic lock to a second account.

In some embodiments, the first account is bound to the electronic lock,and has management permission on the electronic lock. That is, the firstaccount is a manager account.

In some embodiments, the second account and the first account are not asame account, a quantity of the second account is one or more, and thesecond account has a friendship with the first account, or the secondaccount does not have a friendship with the first account.

In step S202, the server queries for, according to the authorizationrequest, key information bound to the second account.

In some embodiments, the key information bound to the second account ispre-collected and stored into the server by the second account.

In some embodiments, the key information includes: password information,and/or fingerprint information, and/or pupil distance information,and/or iris information, and/or face information, and/or palm printinformation, and/or gait information, and/or heart rate information,and/or pulse information.

In step S203, the server sends the key information to the electroniclock.

In some embodiments, the server queries for a gateway devicecorresponding to the electronic lock, and sends the key informationobtained through query to the electronic lock by using the gatewaydevice.

In step S204, the electronic lock receives the key information that issent by the server and that is of the second account.

In some embodiments, the electronic lock receives, by using the gatewaydevice, the key information that is sent by the server and that is ofthe second account.

In step S205, the electronic lock adds the key information into atrusted key information store.

It should be noted that the foregoing step S201 to step S203 may beindependently performed to be an authorization method applied to anelectronic lock at a server side; and the foregoing step S204 and stepS205 may be independently performed to be an authorization methodapplied to an electronic lock at an electronic lock side.

Based on the above, in the authorization method applied to an electroniclock according to this embodiment of the present disclosure, the serverreceives the authorization request sent by the first instant messagingclient the first account is logged into, and queries for, according tothe authorization request, the key information bound to the secondaccount, so as to send the key information to the electronic lock, andthe electronic lock adds the key information into the trusted keyinformation store. The problem that when being away from the electroniclock, a user cannot enroll the key information such as a fingerprintinto the electronic lock, and authorization cannot be implemented isresolved. Even being away from the electronic lock, the user can enrollthe key information into the electronic lock from a remote end, and theauthorization is ensured to be implemented as normal.

In some embodiments, the electronic lock 110 may forward a verificationrequest including the key information to the server 130 for determiningwhether the attempt to unlock the electronic lock 110 should be grantedor not. For example, the first user account at the first terminal 140establishes a special user group within the instant messagingapplication at the server 130 for the special user account associatedwith the electronic lock 110. The special user group within the instantmessaging application includes one or more user accounts associated withthe second terminals 150 that have been granted the permission to unlockthe electronic lock 110. In addition to the user account identityinformation, the special user group also includes key information andpermission information that are uniquely assigned to each individualsecond user associated with a second terminal 150. For example, onesecond user may be granted a unique passcode for opening the electroniclock 110 for a specific time period and another second user may begranted to open the electronic lock 110 using his/her fingerprint foranother specific time period.

The instant messaging application at the server 130 provides anadditional security mechanism for preventing unauthorized access to theelectronic lock 110. For example, when a second user associated with onethe second terminals 150 arrives at a location where the electronic lock110 is located, the second user then enters the key information throughthe electronic lock 110. The key information is then submitted to theinstant messaging application at the server 130 for verification alongthe identity information of the electronic lock 110.

Based on the identity information of the electronic lock 110, theinstant messaging application at the server 130 identifies a specialuser group associated with the electronic lock 110 and then checkswhether the key information from the electronic lock 110 matches aparticular user account in the user group. If there is a match betweenthe key information from the electronic lock 110 and a particular useraccount in the user group, the server 130 issues an instruction tounlock the electronic lock 110. In some embodiments, besides the keyinformation, the server 130 also checks whether the key information isreceived within a specific time window assigned to the second user. Forexample, if the second user is only allowed to unlock electronic lock110 between 8 AM and 2 PM but the key information is received at 3 PM,the server 130 will deny such access request by not issuing aninstruction to unlock the electronic lock 110. In some embodiments, theserver 130 also detects the current location of the second terminal 150associated with the second user who attempts to unlock the electroniclock 110. If the current location of the second terminal 150 is notwithin a predefined region of the electronic lock 110, the server 130may still refuse to unlock the electronic lock 110.

Referring to FIG. 3A, FIG. 3A is a flowchart of an authorization methodapplied to an electronic lock according to another exemplary embodimentof the present disclosure. This embodiment is described by using anexample in which the authorization method applied to an electronic lockis applied to the implementation environment shown in FIG. 1. Theauthorization method includes the following steps:

In step S301, a server receives a binding request sent by a firstinstant messaging client at a first terminal, a first account beinglogged into the first instant messaging client, and the binding requestincluding a lock identifier of an electronic lock.

To obtain management permission on the electronic lock, a terminalsends, by using the first instant messaging client the first account islogged into, the binding request that carries the lock identifier, torequest the server to bind the first account to the electronic lock andgrant the management permission on the electronic lock to the firstaccount.

The first account sends the binding request to the server by using thefirst instant messaging client, and the binding request sent by thefirst instant messaging client the first account is logged into is usedfor binding the first account to the identifier of the electronic lock.In step S302, the server establishes a binding relationship between thefirst account and the lock identifier.

After the binding relationship with the lock identifier is established,the first account has the management permission on the electronic lock.In some embodiments, the first account is the first account bound to theelectronic lock. In some embodiments, there is only one first account.

In step S303, the server receives a binding request sent by a secondinstant messaging client on which a second account is logged into, thebinding request including key information.

A terminal sends, by using the second instant messaging client on whichthe second account is logged into, the binding request that carries thekey information to the server, and the binding request sent by thesecond instant messaging client on which the second account is loggedinto is used for requesting the server to bind the key information ofthe second account to the second account, so that the serversubsequently determines the corresponding key information according tothe account.

In some embodiments, the key information sent by the second instantmessaging client on which the second account is logged into is the keyinformation corresponding to the second account, and the key informationis collected by the second instant messaging client on which the secondaccount is logged into. The key information includes: passwordinformation, and/or fingerprint information, and/or pupil distanceinformation, and/or iris information, and/or face information, and/orpalm print information, and/or gait information, and/or heart rateinformation, and/or pulse information.

In some embodiments, when the key information is the passwordinformation, the key information is a character string entered by auser; when the key information is physiological feature information, thekey information is at least one of the fingerprint information, thepupil distance information, the iris information, the face information,the palm print information, the gait information, the heart rateinformation, or the pulse information collected by the terminal (onwhich the second instant messaging client is run on); and when the keyinformation is behavioral feature information, the key information isthe collected gait information.

In some embodiments, the password information is one or more characterstrings entered by the user.

It should be noted that except the fingerprint information, the pupildistance information, the iris information, the face information, thepalm print information, the gait information, the heart rateinformation, and the pulse information listed above, other physiologicalfeatures or behavioral features that can be used for personal identityauthentication may also be used as the key information. This is notlimited in this embodiment of the present disclosure.

In step S304, the server establishes a binding relationship between thesecond account and the key information.

In some embodiments, for the sake of safety, after transforming thereceived key information to feature data by means of specificprocessing, the server generally establishes and stores the bindingrelationship between the second account and the feature data of thetransformed key information.

It should be noted that step S303 and step S304 may alternatively beperformed before step S301. This is not limited in this embodiment.

In step S305, the first instant messaging client the first account islogged into determines the second account in at least one account.

In some embodiments, the first account may determine the second accountin all accounts in a contact list, or when the second account is not inthe contact list of the first account, the first account may determinethe second account by means of searching for an account.

In some embodiments, there is at least one second account.

As shown in FIG. 3B, the first account logged into the first instantmessaging client is 123456, and the first instant messaging clientdetermines, according to a selection signal triggered by a user, twosecond accounts in “my friend” column 32 of a contact interface 31corresponding to the first account; alternatively, as shown in FIG. 3C,the first account obtains a second account 2345678 that is searched forin a discover interface 33, and determines a personal account “Xiao Xue(2345678)” 34 obtained through search as the second account.

In step S306, the first instant messaging client sends an authorizationrequest to the server, the authorization request being used forrequesting to grant use permission on the electronic lock to the secondaccount.

In some embodiments, the first instant messaging client the firstaccount is logged into sends the authorization request to the server bymeans of sending an instant message. As shown in FIG. 3D, a usercorresponding to the first account opens, in the first instant messagingclient, a conversation window 35 with the electronic lock bound to thefirst account, enters, in a message input box 36, the second account towhich the use permission on the electronic lock is to be granted, andclicks a sending option 37, and then a background of the first instantmessaging client automatically generates the authorization requestincluding the second account and sends the authorization request to theserver.

In some embodiments, the authorization request includes an identifier ofthe second account, the lock identifier of the electronic lockcorresponding to the first account, and the use permission of the secondaccount on the electronic lock.

In some embodiments, the authorization request further includes a timecontrol policy corresponding to the use permission, the time controlpolicy is used for instructing to enable the use permission in at leastone time period, and the time control policy corresponds to the usepermission of the second account.

In step S307, the server receives the authorization request sent by thefirst instant messaging client.

In step S308, the server detects whether the first account hasmanagement permission on the electronic lock.

If detecting that the first account has the management permission on theelectronic lock, the server performs step S309; and if detecting thatthe first account does not have the management permission on theelectronic lock, the server does not respond to the authorizationrequest sent by the first instant messaging client the first account islogged into.

In some embodiments, the server detects whether the binding relationshipbetween the first account and the lock identifier is stored, and whendetecting that the binding relationship between the first account andthe lock identifier is stored, determines that the first account has themanagement permission on the electronic lock.

In step S309, the server detects whether the second account and thefirst account satisfy a predetermined relationship.

Because a user generally only grants the use permission on theelectronic lock to another user that has a specific relationship withthe user, to avoid illegal authorization and to improve safety of theauthorization, before granting the use permission to the second account,the server needs to further detect whether the second account and thefirst account satisfy the predetermined relationship.

The predetermined relationship includes at least one of the followingrelationships:

the second account belongs to a friendship chain of the first account;

a degree of friendship closeness between the second account and thefirst account is greater than a preset threshold;

a nickname of the second account belongs to a nickname set of relatives;and

the second account and the first account belong to a specified group.

When the second account and the first account satisfy at least one ofthe foregoing relationships, the server determines that the secondaccount and the first account satisfy the predetermined relationship. Insome embodiments, the first account and the second account that satisfythe predetermined relationship may simultaneously satisfy any tworelationships, any three relationships, or any four relationships of theforegoing relationships.

In some embodiments, when detecting that the second account and thefirst account are in a friendship with each other, the server may regardthat the second account belongs to the friendship chain of the firstaccount.

In some embodiments, the degree of friendship closeness between thesecond account and the first account is measured by using an interactiverelationship between the first account and the second account. Forexample, the interactive relationship is a quantity of conversations, aquantity of times of liking, or a quantity of comments on trends betweenthe first account and the second account.

In some embodiments, the preset threshold is set by the user or is adefault value.

In some embodiments, the nickname set of relatives includes presetrelative title vocabularies, including relative titles such as “mother,father, daughter, and son” and the like.

In some embodiments, a nickname of the second account is an aliasnickname corresponding to the second account in the first instantmessaging client. In some embodiments, the specified group is one ormore groups pre-specified in the first instant messaging client by thefirst account, and an account in the specified group may have thefriendship with the first account, or may not have the friendship withthe first account.

For example, that the first account determines the second account in thecontact list may be regarded as that the second account belongs to thefriendship chain of the first account; alternatively, after the firstaccount obtains, through query, the second account by means of searchingfor the account, and adds the second account into the specified group,the second account and the first account also satisfy the predeterminedrelationship.

If finding that the second account and the first account satisfy thepredetermined relationship, the server performs step S310; and iffinding that the second account and the first account do not satisfy thepredetermined relationship, the server does not respond to theauthorization request sent by the first instant messaging client thefirst account is logged into.

In step S310, the server queries for, according to the authorizationrequest, the key information bound to the second account.

The server queries for, according to the second account in the receivedauthorization request, the key information bound to the second account.

In a possible implementation, the server obtains, through query, thefingerprint information bound to the second account.

In step S311, the server queries for a gateway device corresponding tothe electronic lock.

Because the sever cannot directly communicate with the electronic lock,to send the key information obtained through query to the electroniclock, the server needs to further query for the gateway devicecorresponding to the electronic lock, and sends the key information tothe electronic lock by using the gateway device.

In some embodiments, one identifier of the electronic lock correspondsto one identifier of the gateway device, and the server stores acorrespondence between the lock identifier of the electronic lock andthe identifier of the gateway device.

In step S312, the server sends the key information to the electroniclock by using the gateway device.

The key information sent by the server is the key information bound tothe second account. In step S313, the electronic lock receives the keyinformation that is sent by the server by using the gateway device andthat is of the second account.

In step S314, the electronic lock adds the key information into atrusted key information store.

After receiving the key information sent by the gateway device, theelectronic lock adds the key information bound to the second accountinto the trusted key information store of the electronic lock, andsubsequently, the electronic lock identifies a user identity accordingto the key information stored in the trusted key information store.

In some embodiments, when the electronic lock disconnects from thegateway device, a user that already stores the key information in thetrusted key information store of the electronic lock can still open theelectronic lock.

By using the foregoing authorization method, when a user to beauthorized is away from the electronic lock, the server can still enrollthe key information into the electronic lock from a remote end, ensuringauthorization to be implemented as normal; further, when a greatquantity of users need to be authorized, the manager can implement batchauthorization by using the foregoing method, and does not need tocollect and enroll the key information for each user to be authorized,thereby improving the authorization efficiency.

Based on the above, in the authorization method applied to an electroniclock according to this embodiment of the present disclosure, the serverreceives the authorization request sent by the first instant messagingclient the first account is logged into, and queries for, according tothe authorization request, the key information bound to the secondaccount, so as to send the key information to the electronic lock, andthe electronic lock adds the key information into the trusted keyinformation store. The problem that when being away from the electroniclock, the user cannot enroll the key information such as a fingerprintinto the electronic lock, and authorization cannot be implemented isresolved. Even being away from the electronic lock, the user can enrollthe key information into the electronic lock from a remote end, and theauthorization is ensured to be implemented as normal.

Furthermore, in the authorization method applied to an electronic lockaccording to this embodiment of the present disclosure, whether thefirst account has the management permission on the electronic lock isfurther detected, to avoid that the use permission on the electroniclock is randomly changed, thereby ensuring safety of the electroniclock.

Furthermore, in the authorization method applied to an electronic lockaccording to this embodiment of the present disclosure, whether thesecond account and the first account satisfy the predeterminedrelationship is found, and when the second account and the first accountsatisfy the predetermined relationship, the use permission to theelectronic lock is granted to the second account, to avoid that amanager delivers, due to carelessness, the use permission on theelectronic lock to a suspicious person, thereby improving the safety ofthe electronic lock.

In an optional embodiment based on this embodiment shown in FIG. 3A, theauthorization request sent by the first instant messaging client thefirst account is logged into further includes a time control policycorresponding to the use permission. That is, the authorization methodapplied to an electronic lock further includes step S315, step S316, andstep S317, as shown in FIG. 4A.

In step S315, the server sends a time control policy to the electroniclock.

The time control policy is used for instructing to enable the usepermission in at least one time period, and the time control policycorresponds to the use permission of the second account.

In some embodiments, the time control policy is set on the first instantmessaging client by the first account, and time control policiescorresponding to different second accounts may be the same or different.The time control policy may be sent, when the authorization request issent to the server, by the first instant messaging client the firstaccount is logged into.

In some embodiments, when receiving the authorization request sent bythe first instant messaging client the first account is logged into, theserver receives the time control policy corresponding to the usepermission on the electronic lock, and the server simultaneously sendsthe key information of the second account and the corresponding timecontrol policy to the electronic lock by using the gateway device.

For example, a user corresponding to the first account uses afingerprint door lock on a front door of a house of the user, the secondaccount corresponds to an hourly worker of the house of the user, andthe hourly worker needs to go to the house of the user corresponding tothe first account at 15:00 each day and do the cleaning. The usercorresponding to the first account grants, by using the first account,use permission on the fingerprint door lock to the second accountcorresponding to the hourly worker, and sets the time control policy asthat the second account corresponding to the hourly worker can open thefingerprint door lock between 15:00 and 15:10 each day.

It should be noted that this step may be simultaneously performed withstep S312. This is not limited in this embodiment.

In step S316, the electronic lock receives the time control policy.

The electronic lock receives the time control policy corresponding tothe use permission of the second account.

In some embodiments, when receiving the key information sent by theserver, the electronic lock simultaneously receives the correspondingtime control policy.

It should be noted that this step may be simultaneously performed withstep S313. This is not limited in this embodiment.

In step S317, the electronic lock associatively stores the time controlpolicy and the key information.

After associating the time control policy with the corresponding keyinformation of the second account, the electronic lock stores acorrespondence between the time control policy and the key informationof the second account

Furthermore, in the authorization method applied to an electronic lockaccording to this embodiment of the present disclosure, the server sendsthe time control policy to the electronic lock, and the electronic lockassociatively stores the time control policy and the key information, sothat different key information can open the electronic lock in differenttime periods, the manager can flexibly and properly control the userpermission on the electronic lock, and the safety performance of theelectronic lock is improved.

In some embodiments, in the foregoing authorization method applied to anelectronic lock, the first account may query for, modify, and delete theuse permission on the electronic lock by using the first instantmessaging client. That is, the user corresponding to the first accountmay obtain, through query by using the first instant messaging client,all second accounts to which the use permission on the electronic lockis granted, or obtain, through query, the use permission on theelectronic lock of a specific second account, and may also modify ordelete the use permission based on a query result.

For example, as shown in FIG. 4B, the user corresponding to the firstaccount opens a conversation window 41 in the first instant messagingclient with the electronic lock bound to the first account, sends amessage 42 of “querying for 4567893”, and obtains a query result 43corresponding to a second account “4567893”. The query result 43includes a permission grant status, a grant time point, and a timecontrol policy corresponding to the use permission that are of thesecond account “4567893”. If clicking on a modify option 44, the usercan modify the use permission of the second account; and if clicking ona delete option 45, the user deletes the use permission of the secondaccount.

It should be noted that in this foregoing embodiment, a step of which anexecution body is the server may be independently performed as anauthorization method at a server side, a step of which an execution bodyis the electronic lock may be independently performed as anauthorization method at an electronic lock side, and a step of which anexecution body is the instant messaging client may be independentlyperformed as an authorization method at a terminal side. Details are notfurther described in this embodiment of the present disclosure.

Referring to FIG. 5, FIG. 5 is a structural block diagram of anauthorization apparatus applied to an electronic lock according to anembodiment of the present disclosure. The authorization apparatusapplied to an electronic lock may be achieved, by using software,hardware, or a combination of the software and the hardware, to be allor a part of the server that can provide the authorization methodapplied to an electronic lock. The apparatus includes:

-   -   a first receiving module 510, configured to receive an        authorization request sent by a first instant messaging client        at a first terminal, a first account being logged into the first        instant messaging client, and the authorization request being        used for requesting to grant use permission on the electronic        lock to a second account;    -   a query module 520, configured to query for, according to the        authorization request, key information bound to the second        account; and    -   a first sending module 530, configured to send the key        information to the electronic lock, the electronic lock being        configured to add the key information into a trusted key        information store.

Based on the above, the authorization apparatus applied to an electroniclock according to this embodiment of the present disclosure receives theauthorization request sent by the first instant messaging client thefirst account is logged into, and queries for, according to theauthorization request, the key information bound to the second account,so as to send the key information to the electronic lock, and theelectronic lock adds the key information into the trusted keyinformation store. The problem that when being away from the electroniclock, a user cannot enroll the key information such as a fingerprintinto the electronic lock, and authorization cannot be implemented isresolved. Even being away from the electronic lock, the user can enrollthe key information into the electronic lock from a remote end, and theauthorization is ensured to be implemented as normal.

Referring to FIG. 6, FIG. 6 is a structural block diagram of anauthorization apparatus applied to an electronic lock according toanother embodiment of the present disclosure. The authorizationapparatus applied to an electronic lock may be achieved, by usingsoftware, hardware, or a combination of the software and the hardware,to be all or a part of the server that can provide the authorizationmethod applied to an electronic lock. The apparatus includes:

-   -   a first receiving module 510, configured to receive an        authorization request sent by a first instant messaging client        at a first terminal, a first account being logged into the first        instant messaging client, and the authorization request being        used for requesting to grant use permission on the electronic        lock to a second account;    -   a query module 520, configured to query for, according to the        authorization request, key information bound to the second        account; and    -   a first sending module 530, configured to send the key        information to the electronic lock, the electronic lock being        configured to add the key information into a trusted key        information store.

In some embodiments, the apparatus further includes:

-   -   a first detection module 540, configured to detect whether the        first account has management permission on the electronic lock;        and    -   a second execution module 550, configured to perform, when the        first account has the management permission on the electronic        lock, the step of querying for, according to the authorization        request, key information bound to the second account.

In some embodiments, the apparatus further includes:

-   -   a second detection module 560, configured to detect whether the        second account and the first account satisfy a predetermined        relationship; and    -   a second execution module 570, configured to perform, when the        second account and the first account satisfy the predetermined        relationship, the step of querying for, according to the        authorization request, key information bound to the second        account, the predetermined relationship including at least one        of the following relationships:    -   the second account belongs to a friendship chain of the first        account;    -   a degree of friendship closeness between the second account and        the first account is greater than a preset threshold;    -   a nickname of the second account belongs to a nickname set of        relatives; and    -   the second account and the first account belong to a specified        group.

In some embodiments, the first sending module 530 includes:

-   -   a query unit 531, configured to query for a gateway device        corresponding to the electronic lock; and    -   a sending unit 532, configured to send the key information to        the electronic lock by using the gateway device.

In some embodiments, the authorization request further includes a timecontrol policy corresponding to the use permission, and the time controlpolicy is used for instructing to enable the use permission in at leastone time period.

The apparatus further includes:

-   -   a second sending module 580, configured to send the time control        policy to the electronic lock, the electronic lock being        configured to associatively store the time control policy and        the key information.

In some embodiments, the apparatus further includes:

-   -   a second receiving module 590, configured to receive a binding        request sent by a second instant messaging client, the second        account being logged into the second instant messaging client,        and the binding request including the key information; and    -   a first binding module 591, configured to establish a binding        relationship between the second account and the key information,    -   the key information including: password information, and/or        fingerprint information, and/or pupil distance information,        and/or iris information, and/or face information, and/or palm        print information, and/or gait information, and/or heart rate        information, and/or pulse information.

In some embodiments, the apparatus further includes:

-   -   a third receiving module 592, configured to receive a binding        request sent by the first instant messaging client, the binding        request including a lock identifier of the electronic lock; and    -   a second binding module 593, configured to establish a binding        relationship between the first account and the lock identifier.

Based on the above, the authorization apparatus applied to an electroniclock according to this embodiment of the present disclosure receives theauthorization request sent by the first instant messaging client thefirst account is logged into, and queries for, according to theauthorization request, the key information bound to the second account,so as to send the key information to the electronic lock, and theelectronic lock adds the key information into the trusted keyinformation store. The problem that when being away from the electroniclock, a user cannot enroll the key information such as a fingerprintinto the electronic lock, and authorization cannot be implemented isresolved. Even being away from the electronic lock, the user can enrollthe key information into the electronic lock from a remote end, and theauthorization is ensured to be implemented as normal.

Furthermore, the authorization apparatus applied to an electronic lockaccording to this embodiment of the present disclosure further detectswhether the first account has the management permission on theelectronic lock, to avoid that the use permission on the electronic lockis randomly changed, thereby ensuring safety of the electronic lock.

Furthermore, the authorization apparatus applied to an electronic lockaccording to this embodiment of the present disclosure further findswhether the second account and the first account satisfy thepredetermined relationship, and when the second account and the firstaccount satisfy the predetermined relationship, grants the usepermission to the second account, to avoid that a manager delivers, dueto carelessness, the use permission on the electronic lock to asuspicious person, thereby improving the safety of the electronic lock.

Referring to FIG. 7, FIG. 7 is a structural block diagram of anauthorization apparatus applied to an electronic lock according toanother embodiment of the present disclosure. The authorizationapparatus applied to an electronic lock may be achieved, by usingsoftware, hardware, or a combination of the software and the hardware,to be all or a part of the electronic lock that can provide theauthorization method applied to an electronic lock. The apparatusincludes:

-   -   a first receiving module 710, configured to receive key        information that is sent by a server and that is of a second        account, the key information being obtained by the server        through query according to an authorization request sent by a        first instant messaging client at a first terminal, a first        account being logged into the first instant messaging client,        and the authorization request being used for requesting to grant        use permission on the electronic lock to the second account; and    -   an adding module 720, configured to add the key information into        a trusted key information store.

Based on the above, the authorization apparatus applied to an electroniclock according to this embodiment of the present disclosure receives thekey information that is sent by the server and that is of the secondaccount, and adds the key information into the trusted key informationstore. The problem that when being away from the electronic lock, a usercannot enroll the key information such as a fingerprint into theelectronic lock, and authorization cannot be implemented is resolved.Even being away from the electronic lock, the user can enroll the keyinformation into the electronic lock from a remote end, and theauthorization is ensured to be implemented as normal.

Referring to FIG. 8, FIG. 8 is a structural block diagram of anauthorization apparatus applied to an electronic lock according toanother embodiment of the present disclosure. The authorizationapparatus applied to an electronic lock may be achieved, by usingsoftware, hardware, or a combination of the software and the hardware,to be all or a part of the electronic lock that can provide theauthorization method applied to an electronic lock. The apparatusincludes:

-   -   a first receiving module 710, configured to receive key        information that is sent by a server and that is of a second        account, the key information being obtained by the server        through query according to an authorization request sent by a        first instant messaging client at a first terminal, a first        account being logged into the first instant messaging client,        and the authorization request being used for requesting to grant        use permission on the electronic lock to the second account; and    -   an adding module 720, configured to add the key information into        a trusted key information store.

In some embodiments, the first receiving module 710 is specificallyconfigured to receive the key information sent by the server by using agateway device, there is a correspondence between the gateway device andthe electronic lock, and

the key information includes: password information, and/or fingerprintinformation, and/or pupil distance information, and/or iris information,and/or face information, and/or palm print information, and/or gaitinformation, and/or heart rate information, and/or pulse information.

In some embodiments, the authorization request further includes a timecontrol policy corresponding to the use permission, and the apparatusfurther includes:

-   -   a second receiving module 730, configured to receive the time        control policy, the time control policy being used for        instructing to enable the use permission in at least one time        period; and    -   a storage module 740, configured to associatively store the time        control policy and the key information.

Based on the above, the authorization apparatus applied to an electroniclock according to this embodiment of the present disclosure receives thekey information that is sent by the server and that is of the secondaccount, and adds the key information into the trusted key informationstore. The problem that when being away from the electronic lock, a usercannot enroll the key information such as a fingerprint into theelectronic lock, and authorization cannot be implemented is resolved.Even being away from the electronic lock, the user can enroll the keyinformation into the electronic lock from a remote end, and theauthorization is ensured to be implemented as normal.

Furthermore, the authorization apparatus applied to an electronic lockaccording to this embodiment of the present disclosure further detectswhether the first account has the management permission on theelectronic lock, to avoid that the use permission on the electronic lockis randomly changed, thereby ensuring safety of the electronic lock.

Furthermore, the authorization apparatus applied to an electronic lockaccording to this embodiment of the present disclosure further findswhether the second account and the first account satisfy thepredetermined relationship, and when the second account and the firstaccount satisfy the predetermined relationship, grants the usepermission to the second account, to avoid that a manager delivers, dueto carelessness, the use permission on the electronic lock to asuspicious person, thereby improving the safety of the electronic lock.

Referring to FIG. 9, FIG. 9 is a structural block diagram of anauthorization apparatus applied to an electronic lock according toanother embodiment of the present disclosure. The authorizationapparatus applied to an electronic lock may be achieved, by usingsoftware, hardware, or a combination of the software and the hardware,to be all or a part of the terminal that can provide the authorizationmethod applied to an electronic lock. The apparatus includes:

-   -   a determining module 910, configured to determine a second        account in at least one account; and    -   a first request sending module 920, configured to send an        authorization request to a server, the authorization request        being used for requesting to grant use permission on the        electronic lock to the second account, the server being        configured to query for, according to the authorization request,        key information bound to the second account, and send the key        information to the electronic lock, and the electronic lock        being configured to add the key information into a trusted key        information store.

Based on the above, the authorization apparatus applied to an electroniclock according to this embodiment of the present disclosure determinesthe second account in the at least one account, and sends theauthorization request to the server, the authorization request beingused for requesting to grant the use permission on the electronic lockto the second account, the server being configured to query for,according to the authorization request, the key information bound to thesecond account, and send the key information to the electronic lock, andthe electronic lock being configured to add the key information into thetrusted key information store. The problem that when being away from theelectronic lock, a user cannot enroll the key information such as afingerprint into the electronic lock, and authorization cannot beimplemented is resolved. Even being away from the electronic lock, theuser can enroll the key information into the electronic lock from aremote end, and the authorization is ensured to be implemented as normal

In some embodiments, the apparatus further includes:

-   -   a second request sending module 930, configured to send a        binding request to the server, the binding request including a        lock identifier of the electronic lock, and the server being        configured to establish a binding relationship between the first        account and the lock identifier.

It should be noted that: when the authorization apparatus applied to anelectronic lock provided by the foregoing embodiments provides anauthorization service for the electronic lock, only division of eachfunctional module is used as an example for description. In practicalapplication, the foregoing functions may be allocated to and completedby different functional modules as required, that is, an inner structureof a device is divided into different functional modules, so as tocomplete all or some of the functions described above. Besides, theauthorization apparatus applied to an electronic lock provided in theforegoing embodiments and the embodiments of the authorization methodapplied to an electronic lock belong to a same concept. For a specificimplementation process, refer to the method embodiments. Details are notdescribed herein again.

Referring to FIG. 10, FIG. 10 is a structural block diagram of a serveraccording to an embodiment of the present disclosure. A server 1000 isimplemented as the server 130 in FIG. 1. Specifically:

The server 1000 includes a central processing unit (CPU) 1001, a systemmemory 1004 including a random access memory (RAM) 1002 and a read onlymemory (ROM) 1003, and a system bus 1005 connecting the system memory1004 and the CPU 1001. The server 1000 further includes a basicinput/output system (I/O system) 1006 used for transmitting informationbetween components in a computer, and a mass storage device 1007 usedfor storing an operating system 1013, an application program 1014, andanother program module 1015.

The basic I/O system 1006 includes a display 1008 configured to displayinformation, and an input device 1009, such as a mouse or a keyboard,configured to input information by a user. The display 1008 and theinput device 1009 are both connected to the CPU 1001 by using an inputand output controller 1010 connected to the system bus 1005. The basicI/O system 1006 may further include the input and output controller1010, so as to receive and process input from multiple other devicessuch as a keyboard, a mouse, and an electronic stylus. Similarly, theinput and output controller 1010 further provides an output to a displayscreen, a printer or another type of output device.

The mass storage device 1007 is connected to the CPU 1001 by using amass storage controller (not shown) connected to the system bus 1005.The mass storage device 1007 and an associated non-transitory computerreadable storage medium provide non-volatile storage to the server 1000.That is, the mass storage device 1007 may include a computer readablestorage medium (not shown) such as a hard disk or a CD-ROM drive.

In general, the computer readable storage medium may include acommunications medium. The computer readable storage medium includesvolatile and non-volatile media, and removable and non-removable mediaimplemented by using any method or technology used for storinginformation such as a computer readable instruction, a data structure, aprogram module or other data. The computer readable storage mediumincludes a RAM, a ROM, an EPROM, an EEPROM, a flash memory or othersolid storage technologies; a CD-ROM, a DVD or other optical storages;and a cassette, a magnetic tape, a disk storage or other magneticstorage devices. Certainly, a person in the art may know that thecomputer readable storage medium is not limited to the foregoing. Thesystem memory 1004 and the mass storage device 1007 may be collectivelyreferred to as a memory.

According to the embodiments of the present disclosure, the server 1000may further be connected to a remote computer on a network by using anetwork, such as Internet. That is, the server 1000 may be connected toa network 1012 by using a network interface unit 1011 connected to thesystem bus 1005, or, may be connected to a network of another type or aremote computer system (not shown) by using the network interface unit1011.

The memory further includes one or more programs, the one or moreprograms are stored in the memory, and the one or more programs includeinstructions used for performing the authorization method at a serverside according to the embodiments of the present disclosure.

Referring to FIG. 11, FIG. 11 is a schematic structural diagram of anelectronic lock according to an embodiment of the present disclosure.The electronic lock may be configured to implement the authorizationmethod according to the foregoing embodiments. Specifically:

An electronic lock 1100 may include a lock body 1110, a memory 1120having one or more computer readable storage media, an input unit 1130,a display unit 1140, a transmission unit 1170, a processor 1180including one or more processor cores, a power supply 1190, and othercomponents. A person skilled in the art may understand that thestructure of the lock shown in FIG. 11 does not constitute a limitationto the electronic lock, and the electronic may include more or fewercomponents than those shown in the figure, or some components may becombined, or a different component deployment may be used.

The lock body 1110 is a one-way lock body, a three-way lock body, afour-way lock body, or the like, and the lock body 1110 is in an openstate or a closed state under control of the processor 1118.

The memory 1120 may be configured to store a software program andmodule. The processor 1180 runs the software program and module storedin the memory 1120, to implement various functional applications anddata processing. The memory 1120 may mainly include a program storagearea and a data storage area. The program storage area may store anapplication program required by at least one function, and the datastorage area may store enrolled key information and corresponding usepermission information. In addition, the memory 1120 may include a highspeed random access memory, and may also include a non-volatile memory,such as at least one magnetic disk storage device, a flash memory, oranother volatile solid-state storage device. Correspondingly, the memory1120 may further include a memory controller, so as to provide access ofthe processor 1180 and the input unit 1130 to the memory 1120.

The input unit 1130 is configured to receive key information input by auser. The input unit 1130 may include a touch-sensitive surface 1131 andanother input device 1132. The touch-sensitive surface 1131, which mayalso be referred to as a touch display screen or a touch control board,may collect a touch operation of a user on or near the touch-sensitivesurface 1131 (such as an operation of the user on or near thetouch-sensitive surface 1131 by using any suitable object or accessory,such as a finger or a stylus), and drive a corresponding connectionapparatus according to a preset program. In some embodiments, thetouch-sensitive surface 1131 may include two parts: a touch detectionapparatus and a touch controller. The touch detection apparatus detectsa touch position of the user, detects a signal generated by the touchoperation, and transfers the signal to the touch controller. The touchcontroller receives the touch information from the touch detectionapparatus, converts the touch information into touch point coordinates,and sends the touch point coordinates to the processor 1180. Moreover,the touch controller can receive and execute a command sent from theprocessor 1180. In addition, the touch-sensitive surface 1131 may be aresistive, capacitive, infrared, or surface sound wave typetouch-sensitive surface. In addition to the touch-sensitive surface1131, the input unit 1130 may further include another input device 1132.Specifically, the input device 1132 may include but is not limited toone or more of a fingerprint collector, a palm print collector, an iriscollector, and a heart rate collector.

The display unit 1140 may be configured to display information input bythe user or information provided for the user, and various graphicaluser interfaces of the electronic lock 1100. The graphical userinterfaces may be formed by a graph, text, an icon, a video, or anycombination thereof. The display unit 1140 may include a display panel1141. In some embodiments, the display panel 1141 may be configured byusing a liquid crystal display (LCD), an organic light-emitting diode(OLED), or the like. Further, the touch-sensitive surface 1131 may coverthe display panel 1141. After detecting a touch operation on or near thetouch-sensitive surface 1131, the touch-sensitive surface 1131 transfersthe touch operation to the processor 1180, so as to determine the typeof the touch event. Then, the processor 1180 provides a correspondingvisual output on the display panel 1141 according to the type of thetouch event. Although, in FIG. 11, the touch-sensitive surface 1131 andthe display panel 1141 are used as two separate parts to implement inputand output functions, in some embodiments, the touch-sensitive surface1131 and the display panel 1141 may be integrated to implement the inputand output functions.

In this embodiment, the electronic lock 1100 performs data transmissionwith a gateway device by using a communications module 1170. Thecommunications module 1170 is a low-power near field communicationsmodule, such as a Bluetooth module or a Zigbee module.

The processor 1180 is a control center of the electronic lock 1100, isconnected to various parts of a mobile phone by using various interfacesand lines, and by means of running or executing a software programand/or module stored in the memory 1120, performs various functions ofthe electronic lock 1100 and processes data, so as to perform overallmonitoring. In some embodiments, the processor 1180 may include one ormore processor cores. Preferably, the processor 1180 may integrate anapplication processor and a modem. The application processor mainlyprocesses an operating system, a user interface, an application program,and the like. The modem mainly processes wireless communication. It maybe understood that the modem may also not be integrated into theprocessor 1180.

The electronic lock 1100 further includes the power supply 1190 (such asa battery) supplying power to the components. Preferably, the powersupply may be logically connected to the processor 1180 by using a powersupply management system, so as to implement functions such asmanagement of charging, discharging, and energy consumption by using thepower supply management system. The power supply 1190 may furtherinclude one or more of a direct current or alternating current powersupply, a re-charging system, a power supply failure detection circuit,a power supply converter or inverter, a power supply state indicator,and any other components.

Although not shown in the figure, the electronic lock 1100 may furtherinclude a camera, and other components. Details are not furtherdescribed herein. Specifically, in this embodiment, the input unit ofthe electronic lock 1100 is a fingerprint collector, and the displayunit is a touch screen display. The electronic lock 1100 furtherincludes a memory and one or more programs. The one or more programs arestored in the memory and configured to be executed by one or moreprocessors. The one or more programs include instructions used forexecuting operations in the foregoing authorization method.

In an exemplary embodiment, a non-transitory computer readable storagemedium including instructions is further provided, for example, a memoryincluding instructions, and the foregoing instructions may be executedby a processor in a server or an electronic lock to implement theauthorization method shown in the embodiment of FIG. 2A, the embodimentof FIG. 3A, or the embodiment of FIG. 4A. For example, thenon-transitory computer readable storage medium may be a ROM, a RAM, aCD-ROM, a magnetic tape, a floppy disk, or an optical data storagedevice.

Referring to FIG. 12, FIG. 12 is a structural block diagram of anauthorization system applied to an electronic lock according to anembodiment of the present disclosure. The authorization system appliedto an electronic lock includes: a server 1210, an electronic lock 1220,and a terminal 1230.

The server 1210 includes the apparatus shown in FIG. 4 or FIG. 5;

-   -   the electronic lock 1220 includes the apparatus shown in FIG. 6        or FIG. 7; and    -   the terminal 1230 includes the apparatus shown in FIG. 8;    -   or    -   the server 1210 includes the server shown in FIG. 10; and    -   the electronic lock 1220 includes the electronic lock shown in        FIG. 11.

The sequence numbers of the foregoing embodiments of the presentdisclosure are merely for description purpose but do not indicate thepreference of the embodiments.

A person of ordinary skill in the art may understand that all or some ofthe steps of the foregoing embodiments may be implemented by usinghardware, or may be implemented by a program instructing relevanthardware. The program may be stored in a non-transitory computerreadable storage medium. The storage medium may be a ROM, a magneticdisk, an optical disc, or the like.

The foregoing descriptions are merely preferred embodiments of thepresent disclosure, but are not intended to limit the presentdisclosure. Any modification, equivalent replacement, or improvementmade within the spirit and principle of the present disclosure shallfall within the protection scope of the present disclosure.

What is claimed is:
 1. An authorization method applied to an electroniclock performed at a computer server having one or more processors andmemory storing instructions to be executed by the one or moreprocessors, comprising: receiving an authorization request sent by afirst instant messaging client at a first terminal, a first accountbeing logged into the first instant messaging client, and theauthorization request being used for requesting to grant use permissionon the electronic lock to a second account; querying for, according tothe authorization request, key information bound to the second account;and sending the key information to the electronic lock, the electroniclock being configured to add the key information into a trusted keyinformation store.
 2. The method according to claim 1, wherein beforethe querying for, according to the authorization request, keyinformation bound to the second account, the method further comprises:detecting whether the first account has management permission on theelectronic lock; and performing, when the first account has themanagement permission on the electronic lock, the step of querying for,according to the authorization request, key information bound to thesecond account.
 3. The method according to claim 1, wherein before thequerying for, according to the authorization request, key informationbound to the second account, the method further comprises: detectingwhether the second account and the first account satisfy a predeterminedrelationship; and performing, when the second account and the firstaccount satisfy the predetermined relationship, the step of queryingfor, according to the authorization request, key information bound tothe second account, the predetermined relationship comprising at leastone of the following relationships: the second account belongs to afriendship chain of the first account; a degree of friendship closenessbetween the second account and the first account is greater than apreset threshold; a nickname of the second account belongs to a nicknameset of relatives; and the second account and the first account belong toa specified group.
 4. The method according to claim 1, wherein thesending the key information to the electronic lock comprises: queryingfor a gateway device corresponding to the electronic lock; and sendingthe key information to the electronic lock by using the gateway device.5. The method according to claim 1, wherein the authorization requestfurther comprises a time control policy corresponding to the usepermission, and the time control policy is used for instructing toenable the use permission in at least one time period; and the methodfurther comprises: sending the time control policy to the electroniclock, the electronic lock being configured to associatively store thetime control policy and the key information.
 6. The method according toclaim 1, wherein before the querying key information bound to the secondinstant messaging client, the method further comprises: receiving abinding request sent by a second instant messaging client at a secondterminal, the second account being logged into the second instantmessaging client, and the binding request comprising the keyinformation; and establishing a binding relationship between the secondaccount and the key information, the key information comprising:password information, and/or fingerprint information, and/or pupildistance information, and/or iris information, and/or face information,and/or palm print information, and/or gait information, and/or heartrate information, and/or pulse information.
 7. The method according toclaim 1, wherein before the querying key information bound to the secondinstant messaging client, the method further comprises: receiving abinding request sent by the first instant messaging client, the bindingrequest comprising a lock identifier of the electronic lock; andestablishing a binding relationship between the first account and thelock identifier.
 8. The method according to claim 1, further comprising:receiving a verification request sent by the electronic lock, theverification request including a user account logged into an instantmessaging client associated with the electronic lock and keyinformation; identifying one or more user accounts that have beengranted user permission to the electronic lock according to the useraccount logged into an instant messaging client associated with theelectronic lock and their associated key information; and returning averification response to the electronic lock based on a comparison ofthe key information in the verification request and the key informationassociated with the identified one or more user accounts, wherein theelectronic lock is configured to perform in accordance with theverification response.
 9. The method according to claim 8, wherein thecomparison of the key information in the verification request and thekey information associated with the identified one or more user accountsfurther comprises: determining a second account logged into a secondinstant messaging client at a second terminal according to the keyinformation in the verification request; determining a current locationof the second terminal; and denying the verification request inaccordance with a determination that the current location of the secondterminal is outside a predefined region of the electronic lock.
 10. Acomputer server comprising: one or more processors; memory; and aplurality of instructions stored in the memory that, when executed bythe one or more processors, cause the computer server to perform thefollowing operations: receiving an authorization request sent by a firstinstant messaging client at a first terminal, a first account beinglogged into the first instant messaging client, and the authorizationrequest being used for requesting to grant use permission on theelectronic lock to a second account; querying for, according to theauthorization request, key information bound to the second account; andsending the key information to the electronic lock, the electronic lockbeing configured to add the key information into a trusted keyinformation store.
 11. The computer server according to claim 10,wherein before the querying for, according to the authorization request,key information bound to the second account, the operations furthercomprise: detecting whether the first account has management permissionon the electronic lock; and performing, when the first account has themanagement permission on the electronic lock, the step of querying for,according to the authorization request, key information bound to thesecond account.
 12. The computer server according to claim 10, whereinbefore the querying for, according to the authorization request, keyinformation bound to the second account, the operations furthercomprise: detecting whether the second account and the first accountsatisfy a predetermined relationship; and performing, when the secondaccount and the first account satisfy the predetermined relationship,the step of querying for, according to the authorization request, keyinformation bound to the second account, the predetermined relationshipcomprising at least one of the following relationships: the secondaccount belongs to a friendship chain of the first account; a degree offriendship closeness between the second account and the first account isgreater than a preset threshold; a nickname of the second accountbelongs to a nickname set of relatives; and the second account and thefirst account belong to a specified group.
 13. The computer serveraccording to claim 10, wherein the sending the key information to theelectronic lock comprises: querying for a gateway device correspondingto the electronic lock; and sending the key information to theelectronic lock by using the gateway device.
 14. The computer serveraccording to claim 10, wherein the authorization request furthercomprises a time control policy corresponding to the use permission, andthe time control policy is used for instructing to enable the usepermission in at least one time period; and the operations furthercomprise: sending the time control policy to the electronic lock, theelectronic lock being configured to associatively store the time controlpolicy and the key information.
 15. The computer server according toclaim 10, wherein before the querying key information bound to thesecond instant messaging client, the operations further comprise:receiving a binding request sent by a second instant messaging client ata second terminal, the second account being logged into the secondinstant messaging client, and the binding request comprising the keyinformation; and establishing a binding relationship between the secondaccount and the key information, the key information comprising:password information, and/or fingerprint information, and/or pupildistance information, and/or iris information, and/or face information,and/or palm print information, and/or gait information, and/or heartrate information, and/or pulse information.
 16. The computer serveraccording to claim 10, wherein before the querying key information boundto the second instant messaging client, the operations further comprise:receiving a binding request sent by the first instant messaging client,the binding request comprising a lock identifier of the electronic lock;and establishing a binding relationship between the first account andthe lock identifier.
 17. The computer server according to claim 10,wherein the operations further comprise: receiving a verificationrequest sent by the electronic lock, the verification request includinga user account logged into an instant messaging client associated withthe electronic lock and key information; identifying one or more useraccounts that have been granted user permission to the electronic lockaccording to the user account logged into an instant messaging clientassociated with the electronic lock and their associated keyinformation; and returning a verification response to the electroniclock based on a comparison of the key information in the verificationrequest and the key information associated with the identified one ormore user accounts, wherein the electronic lock is configured to performin accordance with the verification response.
 18. The computer serveraccording to claim 17, wherein the comparison of the key information inthe verification request and the key information associated with theidentified one or more user accounts further comprises: determining asecond account logged into a second instant messaging client at a secondterminal according to the key information in the verification request;determining a current location of the second terminal; and denying theverification request in accordance with a determination that the currentlocation of the second terminal is outside a predefined region of theelectronic lock.
 19. A non-transitory computer readable storage mediumstoring a plurality of instructions configured for execution by acomputer server having one or more processors, the plurality ofinstructions causing the computer server to perform the followingoperations: receiving an authorization request sent by a first instantmessaging client at a first terminal, a first account being logged intothe first instant messaging client, and the authorization request beingused for requesting to grant use permission on the electronic lock to asecond account; querying for, according to the authorization request,key information bound to the second account; and sending the keyinformation to the electronic lock, the electronic lock being configuredto add the key information into a trusted key information store.
 20. Thenon-transitory computer readable storage medium according to claim 19,wherein the operations further comprise: receiving a verificationrequest sent by the electronic lock, the verification request includinga user account logged into an instant messaging client associated withthe electronic lock and key information; identifying one or more useraccounts that have been granted user permission to the electronic lockaccording to the user account logged into an instant messaging clientassociated with the electronic lock and their associated keyinformation; and returning a verification response to the electroniclock based on a comparison of the key information in the verificationrequest and the key information associated with the identified one ormore user accounts, wherein the electronic lock is configured to performin accordance with the verification response.